Juniper beefs up Mykonos Web Security to tackle more online threats

Software now targets directory traversal, brute force authentication, among other attack techniques

Juniper Networks has upgraded its recently acquired Mykonos Web Security Software to widen the range of attacks the technology can defend against.

The latest version, released Wednesday, has 30 new features and extensions, making the upgrade significantly better than the older version. Besides addressing a wider range of hacking techniques, the new software is also easier to configure and can handle larger traffic volumes. 

"It's a good, strong incremental upgrade," Jeff Wilson, an analyst at Infonetics Research, said.

Among the additional attacks the upgrade can counteract is "directory traversal," which accounts for about a third of all attacks, according to Edward Roberts, director of product marketing at Juniper. The hacker typically spiders a site's directories looking for files that are accessible because of security flaws.

[See also: 2012: The new age of malware]

When Mykonos detects this type of attack, it fools the hacker's directory scanners into believing files are available, so that they will scan endlessly without obtaining information. At the same time, Mykonos gathers information about the attack, so customers can build better defenses.

Another attack addressed in the upgrade is "brute force authentication," Roberts said. If the hacker has a user ID, he will run scripts to try various combinations of commonly used passwords to try to break into the site. When such an attack is detected, Mykonos locks out the hacker's machine, so even if it guesses the password it still won't be able to enter. In the meantime, the real user will be able to access the system.

Finally, the upgrade offers vulnerability protection against third-party web applications embedded in a site. For example, if a site uses the blogging tool WordPress, Mykonos will automatically defend against attacks targeting known vulnerabilities.

In general, Mykonos inserts what Juniper calls "detection points" into web application code that fools hackers into believing there are vulnerabilities in the site. When an attack on one of these bogus flaws occurs, Mykonos inserts a cookie into the hacker's computer in order to build a profile. Customers have the option of monitoring the hacker's work for as long as they want, before blocking his system from the site.

Besides addressing more types of attacks, the latest upgrade also can handle more Web traffic. The previous version was limited to 1 gigabit of traffic per second. The upgrade lets customers run the software in clusters to handle much higher volumes, Roberts said. This makes the product more useful to very large Web sites in telecom, financial services and e-commerce.

Finally, the upgrade includes configuration wizards to make the setup process easier. "Rather than having to know how to code to get it to go, it's very graphical," Roberts said.

Juniper, the second-largest maker of network equipment, acquired privately held Mykonos Software in February for $80 million in cash. The so-called intrusion deception technology complements Juniper's firewalls, gateways and other security products.

The latest update will likely be the first of many incremental upgrades meant to attract enterprise customers, Wilson said. "[Mykonos] is still in the proving stages to a lot of companies, because they're getting something where enforcement comes from a different place," Wilson said. "Nobody else is doing this deception-based enforcement."

Mykonos Web Security Software has a retail subscription price of $175,000 a year.

Copyright © 2012 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)